ANY.RUN Launched an Upgraded Linux Sandbox for Effective Malware Analysis


October 2024 has been a productive month for the interactive malware analysis platform ANY.RUN, bringing a series of improvements aimed at enhancing threat detection and malware analysis capabilities.

The platform, which serves over 500,000 security professionals worldwide, introduced several key features and updates designed to streamline and improve cybersecurity operations.


Upgraded Linux Sandbox

ANY.RUN has significantly upgraded its Linux sandbox, offering users a more seamless and stable experience.

The enhancements include:

  • File Events Tracking: Users can now monitor all file actions, including creation, modification, and deletion, within the analysis report.
  • Improved Process Tree: Analysis of malware behaviors is now smoother, with a lag-free process tree.
  • Real-time File Uploads: Users can upload files during an active session without needing to restart, allowing for greater flexibility in investigations.


STIX Reports for Enhanced Cyber Intelligence Sharing

ANY.RUN has introduced the ability to export threat analysis data in the Structured Threat Information eXpression (STIX) format. This standardized format enables efficient and consistent sharing of threat intelligence across platforms.

Key features include:

  • Comprehensive data inclusion, including file hashes, network traffic, and file system modifications.
  • Compatibility with SIEM systems and other automated tools for streamlined threat detection.
  • Enhanced collaboration between teams through seamless data sharing.
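To show what consuming such an export looks like on the receiving side, here is an added example that is not ANY.RUN's code and does not reproduce its export beyond what STIX 2.1 itself standardizes. It parses a constructed STIX 2.1 bundle, pulls exact-match indicators (file hashes, domains, URLs, IP addresses) out of the indicator objects' `pattern` strings, and renders them as a CSV watchlist that a SIEM lookup table can ingest. The bundle contents, object IDs and hash value are constructed placeholders, and the helper names are this example's own.

```python
"""Extract exact-match IOCs from a STIX 2.1 bundle and emit a SIEM watchlist (added example)."""
import csv
import io
import json
import re

# One STIX 2.1 comparison expression, e.g.  file:hashes.'SHA-256' = '...'  or
# domain-name:value = '...'. Captures object path, operator and quoted value.
# Numeric comparisons such as  file:size > 100  are deliberately not matched.
COMPARISON_RE = re.compile(
    r"([a-z0-9-]+:[A-Za-z0-9_.'-]+)\s*(=|!=|LIKE|MATCHES)\s*'((?:[^'\\]|\\.)*)'"
)

# Object paths that map directly onto a watchlist IOC type.
PATH_TYPES = {
    "domain-name:value": "domain",
    "ipv4-addr:value": "ipv4",
    "ipv6-addr:value": "ipv6",
    "url:value": "url",
    "email-addr:value": "email",
}

# Constructed placeholder hash and bundle; not a real sample or a real export.
SAMPLE_SHA256 = "0123456789abcdef" * 4
SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "pattern_type": "stix", "valid_from": "2024-10-01T00:00:00Z",
         "pattern": f"[file:hashes.'SHA-256' = '{SAMPLE_SHA256}']"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "pattern_type": "stix", "valid_from": "2024-10-02T00:00:00Z",
         "pattern": "[domain-name:value = 'malicious.example' OR "
                    "url:value = 'http://malicious.example/dl']"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000004",
         "pattern_type": "yara", "valid_from": "2024-10-02T00:00:00Z",
         "pattern": "rule placeholder { condition: false }"},  # skipped: not a STIX pattern
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--00000000-0000-4000-8000-000000000005",
         "name": "placeholder-family", "is_family": True},  # skipped: not an indicator
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000006",
         "pattern_type": "stix", "valid_from": "2024-10-03T00:00:00Z",
         "pattern": "[ipv4-addr:value = '203.0.113.10' AND network-traffic:dst_port = 443]"},
    ],
}
SAMPLE_BUNDLE_JSON = json.dumps(SAMPLE_BUNDLE)


def load_bundle(text):
    """Parse a JSON document and check that it is a STIX bundle."""
    bundle = json.loads(text)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    return bundle


def classify(path):
    """Map a STIX object path to a short IOC type label (e.g. hash:sha-256)."""
    if path.startswith("file:hashes."):
        algo = path.split(".", 1)[1].strip("'")  # e.g. SHA-256, MD5
        return "hash:" + algo.lower()
    return PATH_TYPES.get(path, "other:" + path)


def extract_iocs(bundle):
    """Return exact-match IOCs from the bundle's indicator objects.

    Indicators whose pattern_type is not 'stix' (yara, sigma, ...) are skipped,
    as are LIKE/MATCHES/!= comparisons, which do not denote a single value.
    """
    iocs = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        for path, op, raw in COMPARISON_RE.findall(obj.get("pattern", "")):
            if op != "=":
                continue
            value = re.sub(r"\\(.)", r"\1", raw)  # undo STIX string escaping (\' and \\)
            iocs.append({"type": classify(path), "value": value,
                         "indicator_id": obj.get("id", ""),
                         "valid_from": obj.get("valid_from", "")})
    return iocs


def to_watchlist_csv(iocs):
    """Render IOCs as CSV with a header row, for a generic SIEM lookup import."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["type", "value", "indicator_id", "valid_from"],
                            lineterminator="\n")
    writer.writeheader()
    writer.writerows(iocs)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_watchlist_csv(extract_iocs(load_bundle(SAMPLE_BUNDLE_JSON))))
```

Only `=` comparisons become watchlist rows on purpose: a `LIKE` or `MATCHES` expression describes a class of values rather than one observable, and feeding it into an exact-match lookup would either miss or mislead. Keeping the `indicator_id` and `valid_from` columns alongside each value lets the SIEM side trace a hit back to the originating STIX object and age entries out.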

TI Lookup Notifications

The new Threat Intelligence (TI) Lookup Notifications feature allows users to subscribe to real-time updates on their specific queries.

Users can now receive automatic updates on Indicators of Compromise (IOCs), Indicators of Attack (IOAs), and Indicators of Behavior (IOBs).

This feature ensures that users stay informed about the latest developments in their threat landscape, helping them refine detection rules and strengthen defenses.

Export Session Lists from Team History

A new feature allows teams to export analysis session lists in JSON format, providing a structured record of all sandbox sessions. This feature aids in better record-keeping and reporting for team activities.

Custom Tags for API Analysis Sessions

ANY.RUN has introduced the option to assign custom tags for sandbox sessions via the API, offering greater flexibility in organizing and categorizing analyses.

Redesigned Threat Intelligence Home Screen with MITRE ATT&CK Matrix

The Threat Intelligence home screen has been revamped, now featuring a MITRE ATT&CK matrix for better visualization of threats. This redesign aims to give users a clearer understanding of the tactics and techniques used by malicious actors.

Expanded Threat Detection Capabilities

New Signatures and YARA Rules

In October, ANY.RUN expanded its detection capabilities by adding 90 new signatures for various malware types and tools, including VOBFUS, LockBit3, and more.

ANY.RUN added 9 new YARA rules, covering various malware families, programming language-based detections, and refinements for better accuracy.

Phishing Detection Enhancements

The platform also introduced more advanced heuristics and proactive phishing detection signatures, identifying over 5,000 malicious domains tied to phishing campaigns.

Enhanced detection for phishing kits, such as Mamba2FA, was also included, alongside a focus on tracking phishing campaigns by groups like Storm.

What is ANY.RUN?

ANY.RUN supports over 500,000 cybersecurity professionals globally by making malware analysis easier. Our interactive sandbox allows users to analyze threats on both Windows and Linux systems.

Our threat intelligence tools—TI Lookup, Yara Search, and Feeds—help quickly find indicators of compromise (IOCs) and files to better understand threats and respond to incidents faster.

Join ANY.RUN today for fast, easy, and unlimited access to comprehensive malware analysis!
